-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
deps: fix llhttp version number #43029
Conversation
It's a bit confusing but I think that we acutally have llhttp version 6.0.6 in master versus 6.0.4. If I check out 6.0.4 from the llhttp repo and then generate a release it is missing changes from what we have in Node.js Checking out 6.0.6 seems to give the matching release artifacts. Signed-off-by: Michael Dawson <mdawson@devrus.com>
Review requested:
|
@mcollina I think you are probably the best person to confirm this as I think you did the update to pull the newer llhttp version into Node.js. I was initially confused when I tried to recreate llhttp as part of documenting how to do an update in #43028. I checked out llhttp version v6.0.4 in the llhttp repo, generated and copied on top of what we had in Node.js master. I was confused in that there were a number of fixes that seemed to be missing. After some poking around I then did the same with 6.0.6 and after the copy the only changes were
From that I |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm, likely my bad.
I'm fairly certain this isn't the first time the version number has gone out of sync with upstream llhttp, and it happens when we have security issues that involve llhttp updates -- we have historically applied the llhttp patches directly to the private Node.js repository, released the security release and then @indutny cuts a new llhttp release shortly after. In this case we're not updating directly from llhttp upstream as documented in #43028. |
@richardlau we should probably think a bit more about the security update process to see if there is anything we can do on that front. |
It's a bit confusing but I think that we acutally have llhttp version 6.0.6 in master versus 6.0.4. If I check out 6.0.4 from the llhttp repo and then generate a release it is missing changes from what we have in Node.js Checking out 6.0.6 seems to give the matching release artifacts. Signed-off-by: Michael Dawson <mdawson@devrus.com> PR-URL: #43029 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Landed in c059921 |
It's a bit confusing but I think that we acutally have llhttp version 6.0.6 in master versus 6.0.4. If I check out 6.0.4 from the llhttp repo and then generate a release it is missing changes from what we have in Node.js Checking out 6.0.6 seems to give the matching release artifacts. Signed-off-by: Michael Dawson <mdawson@devrus.com> PR-URL: #43029 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
It's a bit confusing but I think that we acutally have llhttp version 6.0.6 in master versus 6.0.4. If I check out 6.0.4 from the llhttp repo and then generate a release it is missing changes from what we have in Node.js Checking out 6.0.6 seems to give the matching release artifacts. Signed-off-by: Michael Dawson <mdawson@devrus.com> PR-URL: #43029 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
It's a bit confusing but I think that we acutally have llhttp version 6.0.6 in master versus 6.0.4. If I check out 6.0.4 from the llhttp repo and then generate a release it is missing changes from what we have in Node.js Checking out 6.0.6 seems to give the matching release artifacts. Signed-off-by: Michael Dawson <mdawson@devrus.com> PR-URL: #43029 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
It's a bit confusing but I think that we acutally have
llhttp version 6.0.6 in master versus 6.0.4. If I check
out 6.0.4 from the llhttp repo and then generate a
release it is missing changes from what we have in Node.js
Checking out 6.0.6 seems to give the matching release
artifacts.
Signed-off-by: Michael Dawson mdawson@devrus.com